There's a great piece of software called "molly-guard", which intercepts calls to "poweroff" and "reboot" and similar. It checks if it's being invoked via an SSH session, and if so, it asks you to type the name of the system you're shutting down. That way, you never accidentally shut down a remote server when you meant to shut down your own system (or a different server).
Another fun one is disabling the network interface on a remote server. An acquaintance did that by mistake on a cloud VM running some core services, and the cloud provider had no virtual console for some reason. Ended up having to write off the VM and restore from backup. Fun day at the office.
I am confused by the second guy who was curious and punched the plastic lid… it says you have to hold the button down for 30 seconds, how did that happen?
In DevOps (and Lean, TPS) the more advanced form of this is the Poka-Yoke (https://en.wikipedia.org/wiki/Poka-yoke). Poka-yokes don't just add safety, they also guide the human away from making a mistake.
The canonical example is the automatic shift knob in a car. The shift knob is designed to 1) prevent you from accidentally shifting all the way back into reverse without pressing the shift button, and 2) prevents you from leaving park or neutral without depressing the brake pedal. This way you don't damage the drivetrain or accidentally cause the car to roll forward/backward.
Poka-yoke is a form of defensive design (https://en.wikipedia.org/wiki/Defensive_design). For a beautiful example of defensive design, see the average electric kettle. If water boils over the top it won't short the device, if it boils dry it'll stop operating, the handle and body are plastic to prevent burning yourself, the handle is ergonomic to make carrying 1.5L of sloshing boiling water not cause you to spill it, the cord is detached from the kettle so you don't yank the cord and spill the boiling water, the switches are located on the bottom away from hot steam, and the lids usually lock while in operation, again to prevent damage from spillage or steam. It's the simplest and safest possible way to boil water, and it's $20.
Seeing long presses implemented for those intermittent and irreversible actions in games is something I‘ve always appreciated. I often end up making errant inputs, especially on keyboards.
A guard I often make for myself is removing/disabling the delete key on my keyboard, and setting FN+Backspace to Delete with whatever control software is involved. I often then repurpose the delete key location to F2, which is typically used to “Edit” a spreadsheet cell or file name.
I think that may be a combination of (IMHO unfortunate) factors:
* Yes, on some systems rm is aliased to rm -i by default.
* Some scripts will use rm -f because normal rm returns an error if the target already doesn't exist but -f doesn't care.
* Finally, sometimes files are just ... I think it's being marked read-only that does it? I've hit this while trying to rm a git checkout; you actually do need to add -f sometimes to succeed. So if you just add -f then it'll always work.
Just please don't start adding molly-guards to your software. The concept only makes sense in the physical world, e.g. where the "important button", that you might never have to press, needs to be in reach all the time. In software, there are better solutions.
my favorite Debian package is Mollyguard so when you shut down a server remotely via SSH it just checks the second time to make sure you really wanted to shut down that server and not your laptop.
"Are you sure?" type guards are not suitable for actions which the user does regularly. If a user repeats this action regularly, they quickly automate the thought process (i.e. don't give it any thought anymore) and it becomes useless.
>> At 08:56 a ‘Trade Limit Warning’ pop-up alert appeared within PTE. This presented the trader with 711 warning messages, consisting of hard block and soft block messages, listed in a single alert where only the first 18 lines of alerts were immediately visible unless the person who received the alert scrolled down. The trader did not appreciate their inputting error and overrode all of the soft warnings in the pop-up.
> You get 711 alerts, you only see 18 of them, you are like “ehh 18 alerts is pretty much the normal number,” you override them all without reading.
It's not nitpicking. The nature of the interruption being different is material. I've lost files to automatically answering yes to rm -i y/n confirm. Typing the hostname itself is different enough to get me, at least to stop and go wait, hold on. And snap me out of doing the wrong one. Especially an SSH gateway machine.
I do wish those were a thing on flat touch sensitive induction cooktops! (For all those pesky water droplets causing the cooktop to error out and turning itself off)
The canonical example is the automatic shift knob in a car. The shift knob is designed to 1) prevent you from accidentally shifting all the way back into reverse without pressing the shift button, and 2) prevents you from leaving park or neutral without depressing the brake pedal. This way you don't damage the drivetrain or accidentally cause the car to roll forward/backward.
Poka-yoke is a form of defensive design (https://en.wikipedia.org/wiki/Defensive_design). For a beautiful example of defensive design, see the average electric kettle. If water boils over the top it won't short the device, if it boils dry it'll stop operating, the handle and body are plastic to prevent burning yourself, the handle is ergonomic to make carrying 1.5L of sloshing boiling water not cause you to spill it, the cord is detached from the kettle so you don't yank the cord and spill the boiling water, the switches are located on the bottom away from hot steam, and the lids usually lock while in operation, again to prevent damage from spillage or steam. It's the simplest and safest possible way to boil water, and it's $20.
Also, perhaps `rm` should be molly guarded to move things to the trash on all systems by default, and delete only if forced to by a flag.
Note: I’d have expected Molly to be a cat, because they tend to be pretty good at disrupting things in my experience.
A guard I often make for myself is removing/disabling the delete key on my keyboard, and setting FN+Backspace to Delete with whatever control software is involved. I often then repurpose the delete key location to F2, which is typically used to “Edit” a spreadsheet cell or file name.
Not all systems, but some (RHEL, I think?) default alias rm='rm -i', yes
* Yes, on some systems rm is aliased to rm -i by default.
* Some scripts will use rm -f because normal rm returns an error if the target already doesn't exist but -f doesn't care.
* Finally, sometimes files are just ... I think it's being marked read-only that does it? I've hit this while trying to rm a git checkout; you actually do need to add -f sometimes to succeed. So if you just add -f then it'll always work.
>> At 08:56 a ‘Trade Limit Warning’ pop-up alert appeared within PTE. This presented the trader with 711 warning messages, consisting of hard block and soft block messages, listed in a single alert where only the first 18 lines of alerts were immediately visible unless the person who received the alert scrolled down. The trader did not appreciate their inputting error and overrode all of the soft warnings in the pop-up.
> You get 711 alerts, you only see 18 of them, you are like “ehh 18 alerts is pretty much the normal number,” you override them all without reading.
I discussed this also here:
https://news.ycombinator.com/item?id=46845740